317 Protocol
Packet structure When the client sends a packet to the server, the first byte encapsulates its opcode. This specific opcode is encrypted with a value generated by the ISAAC PRNG seeded with a dynamically server generated key during the login block. The server decrypts it and associates the opcode to the packet's respective predefined size. If the packet does not contain a fixed size, the opcode will be followed by either a byte or a word - varying per packet - for its proper size. This is then followed by the payload. Login Protocol Overview Every connection to the main 'gateway' server sends a single byte of data, mostly well known as the connection type. The connection type tells the main server which type of connection you wish to initiate. The old engine list consists of: * Login request - connection type 14 * Update - connection type 15 * New connection login - connection type 16 * Reconnecting login - connection type 18 The connection type we will cover in the following paragraphs is the login connection type, 14. After the login handshake initiating connection type, the client writes a small bit of data derived from the logging in player's username. This is believed to help select the appropriate login server. On successful handshake, the server sends back 8 ignored bytes. long l = TextUtils.encodeAsBase37Integer(username); int i = (int) (l >> 16 & 31L); out.offset = 0; out.writeByte(14); // Initiate connection type out.writeByte(i); // "small bit of data derived from... player's username" in.queueBytes(2, out.payload); for (int j = 0; j < 8; j++) in.read(); At this point, the client reads in one byte, called the status code. The status code 0 is expected to start the login protocol correctly. If the status code is 0, the client reads a long, dubbed by many as the server session key. This is used to help generate a unique seed for the client session's packet opcode masking. The client then stores two ints that are the upper and lower ints of the client session key, which has the same purpose as the server's key. The client then starts writing the login block, which is RSA encrypted. The login block starts with the byte 10, which is considered a magic number. Following it is the client session key and server session key longs. After the session keys, the session's UID (unique identifier or user identifier) is written to the block. This is used to distinguish between multiple sessions. Trailing behind the UID comes the client's username and password written as modified C-strings that are rather terminated with a 10 byte than a NUL byte. This block is then RSA encrypted and stored for later use. Now starts the login request packet. It starts off with a flag telling the server whether or not the client is reconnecting or connecting for the first time. The byte is 18 or 16, respectively. CLASSIFIED AS A CONNECTION TYPE Following is the size of the rest of the login response packet, including the login block that trails at the end, to tip the server how much data it should expect. Later comes the magic number byte 255, and right behind it the client revision short. The packet is just about crafted completely. A flag byte that represents if the client is running in low memory or high memory modes is sent, and after the 9 CRC32 checksums of the file system 0 basic archives (this includes versionlist, media, config, etc.). To top it off, the RSA encrypted login block is appended to the end and the packet is sent to the server. The ISAAC ciphers are seeded for packet opcode masking after adding 50 to each int of the session keys, and the status code is reread. This finishes the login protocol. Login Protocol Breakdown The login is comprised of four stages in which the client and server switch in regards to which one is reading and which one is writing. Variables: The login process has a lot of variable data, compiled here is a list of the variables and their different values. 'Name Hash' A hash of the player name, thought to be used to select an appropriate login server. This has no use in current private servers. 'Server Session Key' The server-session-key is one of two ciphers used to encrypt the game protocol, using the ISAAC algorithms. ''"Data File Version" The CRC checks for the cache files 'User ID' The ID of the user. 'Username' The username of the player, used to identify their account. 'Password' The password of the player account, used so only they can log into their account. 'Client Session Key' The client-session-key is one of two ciphers used to encrypt the game protocol, using the ISAAC algorithms. 'Connect Status' The status of the connection. 'Size' The size of the unencrypted login packet, used to determine how many bytes need to be read from the stream by the server. 'Client Version' The memory-version of the game client. 'CRC Values' 9 4-byte values, Each containing the CRC of their respective cache files. Used by the server to verify client is up to date. 'Player Status' The in-game player status - player, player moderator, or administrator. 'Flagged' If set to 1, information about mouse movements etc. are sent to the server. Suspected bot accounts are flagged. 'Response Codes' At the beginning and end of the login procedure, we send different values to the client to allow or deny a login. The various values show different messages on the login box on the client or do something internally. '''Regarding response code 15' On the server, players are not unregistered for quite some time. This can be best witnessed when the client forcefully closes the connection while in combat. If you're quick enough before the player dies or kills the NPC, login attempts during that time return that the account is already logged in. This probably explains why the message says "try again in 60 seconds", and they just reused the response when the player is truly logged in. Going along with this "players aren't offline yet" idea, when the client experiences some lag and performs a reconnect, it sends byte 18 as it's connection type to the server. The server most likely saves this as a boolean (reconnect = var 18;). When the login is entirely validated, meaning the password's are okay and the server isn't full, it can either send back the normal response, 2, or 15. But why 15? If you look at the client code, you'll see that the chat messages aren't cleared. If you've ever had a poor connection you've noticed that your chat stays there upon a reconnect, and this is exactly why. When you implement response code 15 though, you do NOT need to send the "player status" or the "flagged" bytes. Login Process: Stage 1: Client -> Server Stage 2: Server -> Client Stage 3: Client -> Server Stage 4: Server -> Client Player Updating The player updating process consists of 4 parts: * a) Our player movement updates * b) Other player movement updates * c) Player list updating ** a) Apperance updating ** b) Location updating * d) Player update block flag-based updates Our player movement updates The client begins by reading 1 bit. This bit tells the client whether or not it is currently updating 'our player', or the player the client is controlling. If it's not updating our player, it exits and goes onto step b. If it is, it then reads 2 bits. The value is called the movement update type. There are 4 recognized movement update types: * Type 0 basically tells the client there is nothing to update for our player, just add its index to the local updating list. * Type 1 tells the client you moved in one direction. The client reads 3 bits, which represents the direction you moved in, and then 1 bit, which states whether further update is required. If so, it adds it to the updating list. This is used in walking. * Type 2 functions in much of the same way as its previous, only this time it reads two 3 bit values. The first represents the player's last direction, and the second it's current direction. Trailing behind it is also the 1 bit 'update required' flag as type 1. This is used in running. * Type 3 on the other hand is different. It reads in 2 bits which represents our player's plane, or its level of height, in the game world. Only 0-3 inclusive are appropriate planes supported by the client. It then reads 1 bit, which describes whether or not to clear the awaiting-waypoint queue, basically to stop client from further queued stepping, such as used in teleporting. After this, it reads the 'update required' bit, and checks to see if further update is required. Directly after, it reads two 7 bit quantities, representing the new relative X and relative Y coordinates of our player to our current map region's origin. It then sets our players position to the plane, x, and y positions as told to. Other player movement updates The client begins by reading an 8 bit value telling the client how many players there are to update. It then enters a loop for each player there is to update. Inside this loop, the client reads 1 bit. This is the movement update required flag. If the flag is 0, it sets the current updating player's last update cycle time to the current game logic loop cycle time, and adds the player to the local player list. If the flag is not 0, it then reads the movement update type, which is a 2 bit quantity. The following known types are: * 0, the client updates the current player's last update cycle time, adds the current player to the local player list, and adds it to the updating list. * 1, the client updates the current player's last update cycle time and adds the current player to the local player list as well, but also reads in 3 bit quantity. This represents the current player's direction it walked to. It then reads the a 1 bit value that specifies whether or not to add the player to the updating list. * 2, the client does the exact same thing as the type 2 update, except it reads in two of the 3 bit quantities. The first represents the current player's last direction, and the second its current direction running. * 3, it only adds the player to the needing-update list, or so believed. Type 3 is not well known. Player list updating The next step in the player updating procedure is the player list updating, or where the client recieves data on every player in its local list, such as appearance and location relative to ours. The client loops through a process for each player in the updating. The client reads an 11 bit quantity from the buffer, which is the next player in the updated list to be informed about. The clietn then checks if it has a cached buffer for that player's updating, and if it does, it updates the player appearance. Appearance updating Appearance updating starts off by first reading an unsigned byte that represents the current player's gender. Then it reads another unsigned byte that represents the player's over-head icon id. This is used with prayer icons above heads. Next, a loop occurs 12 times to read equipment data. In the loop, the client reads an unsigned byte that is the equipment slot's item id high byte. If it is 0, the player's equpment slot has no item. If it is not 0, another unsigned byte is read the merged with the previous to create the equipment's item id. If the id is 65535 (written as a -1 signed short), then the player's appearance is that of an NPC. The client reads in an unsigned short representing the NPC's id and sets the player's definition to that NPC's. After the equipment loop, it loops 5 times, once for each type of coloured body part. In each loop, the client reads an unsigned short and assigns it as the color of the current loop idx (which represents the body part). Finally, after the color loop, the client reads 7 unsigned shorts representing animation indices; the animations belong to: * Standing still * Turning while standing * Walking * Turning around (backwards) * Turning a quarter-way clockwise * Turning a quarter-way counter clockwise * Running After these animation indices are read, a long representing the player's name is read, an unsigned byte representing the combat level, and an unsigned short representing the players skill level (for things where players arent ranked by levels, such as where it states ' (skill )' as an action menu text). Location updating After the appearance updating, the client starts to update that player's location relative to our player. The player is added to the local player list and it's last update cycle time. It then reads a 1 bit quantity that defines whether or not the client has a chunk in the player update block list. If it does, it adds it to the updating list. The next bit states whether or not to discard the awaiting-waypoint queue, such as when teleporting. It then reads to 5 bit values that determine the players relative X and Y coordinates to our player. The local player area is 16x16, so if the delta of the two coordinates is > 15, 32 is subtracted from it to signify the player is on the other side of ours. The client then sets the player's position, ending the player list updating process. Update block flag-based updating The following is what most people think of when they say 'update mask' and 'update flag'. This process of the updating procedure is very important. It begins with looping through ALL players in the local player update list, reading an unsigned byte which from now on will be called the update flag. All further updates are seen to be 'included' by comparing a bitwise mask to this flag. If the flag has the bits for 0x40 all on, this signifies that the flag was too large for a simple unsigned byte and reads in another unsigned byte, which it uses as the upper unsigned byte, therefore the update flag is an unsigned little-endian short. The client then passes off the data to a helper method which processes all updates this flag signifies. Inside this method, many different bitwise masks are compared to the player's flag, and if the mask is set, logic is performed. These masks are frequently called update masks. A list of player update masks are below: * 0x400 The 0x400 mask is used to update the player so they appear to be asynchronously animating and walking. This mask is often used for the Agility skill. The data associated goes in order of: byte (type C) which is the first location's X coordinate value, byte (type S) which is the first location's Y coordinate value, byte (type S) which is the second location's X coordinate value, byte (type C) the second location's Y coordinate value. After the locations are written, there is a required movement speed which is written as a short which marks how fast to move from position 1 to position 2. Another short (type A) is written as the movement speed going from position 2 to position 1. Finally one byte is written to end the mask block, which marks the direction. * 0x100 The 0x100 mask is responsible for player graphics updating. The data associated is a little-endian unsigned short which represents the graphics id, and an int which is the graphics delay. * 0x8 Animations are handled by the 0x8 mask. The payload for this update is a little-endian unsigned short that is the animation id, and an unsigned inversed byte which states the animation's delay. * 0x4 The beloved 0x4 mask takes care of forced player text that is only displayed above the player's model. The only data associated with this is a jagex ASCII string with a terminator of 10. * 0x80 Unlike the previous, the 0x80 mask handles normal player chat text. The client will read a little-endian unsigned short which holds chat text attributes. It holds the text color and chat effects. Next, the client reads an unsigned byte which states the player's priveleges (normal player, player moderator, moderator, staff) to give the chatter's name a crown. Right behind it trails an unsigned inversed byte that gives chat text length in bytes. Trailing afterwards is dictionary-compressed chat text. All chat text characters become indexes into a valid character table and are written as nibbles (4 bit quantities). * 0x1 Updating the player's current interacting-entity is done via mask 0x1. The entity id is written as a little-endian unsigned short. * 0x10 The 0x10 mask updates appearance of the player in exact same way as in updating player list. Only difference is that appearance is updated from a set-sized buffer filled from the current buffer. An unsigned inversed byte is read first which describes appearance buffer size, and the buffer is filled. * 0x2 Facing coordinate updating is signified by the 0x2 mask. The player's facing-towards X and Y are set to read values; specifically, an unsigned lower-inverted short and little-endian unsigned short, respectively. * 0x20 Notifying client's of a player's health is done via the 0x20 mask. The hitpoint damage done to the player is sent as an unsigned byte, followed by the hit type as a positive inverted byte. The player's current and max health are read as an unsigned inverted byte and unsigned byte, respectively. * 0x200 The 0x200 mask acts in the same way as the 0x20 mask and is most likely associated with special attacks from weapons that have the ability to hit twice at the same time. Hitpoint damage is an unsigned byte, the hit type an unsigned inverted byte, and the current and maximum health being an unsigned byte and unsigned inverted byte, respectively. After the client processes every single player in the update player list, it ends player updating. Game Protocol The game protocol is the in-game communication of player actions between the server and client. Server -> Client Packets use Output Streams. The Server writes information using the Output Streams, and then the Client Receives packet information with input stream's... In order for a Packet to be sent to the client, from the server, a frame is needed to be created first. After the frame frame has been created, the information from the Output Streams, are written, so this makes the information sent to the client for the certain packet. A method in java, for sending the packets information would be like: public void sendMessage(String message) { if (getOutStream() != null) { outStream().createFrameVarSize(253); outStream().writeString(s); outStream().endFrameVarSize(); } } The Client might will read it like: if (packetType 253) { String message = inputStream.readString(); pushMessage("", 4, null); return true; // false to make the packet not work... true to make it work... } Server -> Client Packets Client -> Server Packets Category:RS2